nopCommerce — Secure and Latest Versions

As a courtesy to our customers, we maintain a list of recent versions and the important security updates for nopCommerce. Generally, the most current version of your CMS is the most secure, but if you have an older version of your CMS, it can be hard to find information on whether your version is secure or not.

Bookmark this KB, and we will continue to update it with the most current secure version information.

What is the latest secure version of nopCommerce?

nopCommerce 4.0 — Major Release

This latest 4.0 version of nopCommerce is the first major features update to the CMS since the massive 3.8 update, which was released March 7, 2017. Users familiar with nopCommerce will know that nopCommerce as been focused on moving the CMS to ASP.NET Core 2.0. As a note on the migration to ASP.NET Core 2.0 that nopCommerce still targets ASP.NET 4.6.1. Full support for ASP.NET Core targeted for Q1-Q2 of 2018. Other major performance enhancements have been included in this new version as well.

To check out the full list of updates, improvements, and new features added in nopCommerce 3.9, be sure you take a few minutes to dive through the robust patch notes. For more information on this latest update, read the official nopCommerce 4.0 release notes here.

nopCommerce 3.9 — Features Update

This latest 3.9 version of nopCommerce is the first major features update to the CMS since the massive 3.8 update, which was released August 3, 2016. Users familiar with nopCommerce will know to expect a huge update from the team, and this one continues that tradition. Version 3.9 of the platform includes native compliance with PCI DSS 3.2 requirements, support conditions in message templates, improved boolean logic, allowance for multiple discount coupon codes, improved administrative functionality for store owners, the much requested "bundled products" feature, stock changes, and the ability for store owners and vendors to reply to product reviews.

To check out the full list of updates, improvements, and new features added in nopCommerce 3.9, be sure you take a few minutes to dive through the robust patch notes. For more information on this latest update, read the official nopCommerce 3.9 release notes here.

nopCommerce 3.8 — Features Update

This latest 3.8 version of nopCommerce is the first major update to the CMS in 2016. The last full-point update, nopCommerce 3.7, released December 8, 2015. Unlike some CMS platforms, nopCommerce has developed a reputation for having feature-packed updates; version 3.8 is no different. Some of the new features and updates include: a fully responsive and redesigned admin area, UI and UX improvements throughout, ability to apply cumulative discounts, color square attribute type, conditional checkout attributes, new product type Image Squares, better "in store pickup" support and options, filtering by specific attributes with "or" function, support for reCAPTCHA v2, and new advanced search options such as allowing search by vendor.

This barely scratches the surface of all the new features and improvements added in nopCommerce 3.8, not to mention the host of bugs that have been fixed. For more information on all of the new features and updates, read the official nopCommerce 3.8 release notes here.

nopCommerce 3.7 — Features Update

This version of nopCommerce includes several new features and improvements, including: conditional product attributes, access control list for topics, discontinued messages, new store owner options, authorize.NET plugin option including updated URLs according to the latest Akamai changes, more customer-friendly messages integrated throughout, and multiple updates to the platform all around. More information about nopCommerce 3.7 can be found in the release notes blog here.

nopCommerce 3.6 — Features Update

Version 3.6 of nopCommerce adds multiple new features, including: new default theme (clean, modern, and responsive), predefined product attribute values, base price support added, and several security and performance enhancements. For more information on the 3.6 update, see the official release notes here.

nopCommerce 3.5 — Features Update

Version 3.5 of nopCommerce adds support for rental products along with better warehouse support and inventory control. It also adds an "order paid" message template, more URLs to sitemaps, and clickable payment icons in multi-step checkout. For more information on the 3.5 update, see the official release notes here.

nopCommerce 3.4 — Maintenance Update

This version did not introduce any new features, but focused on "performance optimization and fixing bugs." According to the official release notes, the improvements from this update in "performance and memory usage optimizations are really very significant." To see a full list of improvements, read the official release notes here.

nopCommerce 3.3 — Features Update

This version now makes the default theme responsive out of the box. There was also significant work done for performance optimization. Several changes and improvements were made throughout to help optimization, such as faster installation processes and caching generated sitemaps. A full list of changes can be found in the official release notes here.

nopCommerce 3.2 — Maintenance Update

This is a great bug squashing update that also boasts several performance optimization tweaks. This update also added warehouse support, improved UI, and the "Facebook shop" plugin that helps sotre owners present their store products on Facebook. A full list of changes are in the official release notes here.

nopCommerce 3.1 — Maintenance Update

This update includes numerous new features to give the store owner more administrative control. Now a store owner can configure shipping rates per store, set different prices in different stores, configure payment modules per store, search product reviews by keywords, and search shipments by a tracking number.

Note that users upgrading to 3.1 from an older version may require extra steps that can be found in the readme.txt upgrade file. For more information on all the changes and tweaks in this update, see the official release notes here.

nopCommerce 3.0 — Security Update

This update includes numerous features that have been asked for by the nopCommerce Community. Also, the nopCommerce team fixed a critical security issue derived from a third-party library that affects all 2.x versions of nopCommerce. All users of older versions are encouraged to update immediately to close this vulnerability. The upgrade is highly recommended by our team as well as the nopCommerce Security Team.

Aside from the security fix, this update also includes multi-store support, multi-vendor support, multiple SEO fixes, as well as a Google Checkout plugin. For more information on the critical security issue fixed by this update, along with the numerous other improvements, see the full release notes here.

nopCommerce 2.8 — Maintenance Update

Version 2.8 of nopCommerce introduces a new clean and modern theme to serve as the default theme. "Color Squares" have also been added as a viable attribute control type. Several bug fixes were made including a critical issue affecting SSL support on mobile devices. More information can be found in the official release notes here.

nopCommerce 2.7 — Maintenance Update

Along with performance optimizations, this update includes additional search engine optimizations and a more accurate tool for shipping package dimension calculations. Many JavaScript files were bundled to increase performance optimization, and new activity log types were added for public stores. More information can be found in the official release notes here.

nopCommerce 2.65 — Security Update

This update addresses a "critical issue caused by a third-party assembly when running nopCommerce on a server with .NET 4.5 installed." Users are encouraged to update immediately in order to fix this issue. More information on this security fix can be found in the official release notes here.

nopCommerce 2.60 — Features Update
This update includes a new flyout mini-shopping cart, full-text support, and auto-complete suggestions for product searching. New improvements in the admin area give more control to store administrators, and changes to the nopCommerce core have phased out Flash — nopCommerce now uses Valum file uploader. More information can be found in the official 2.6 release notes documentation here.

nopCommerce 2.50 — Security Update
This update addresses a critical XSS security issue, and moves all ASP.NET MVC assemblies in order to address the bug. Changes to the login credentials should provide better security; a gift issue was fixed, and further changes were made to work with Internet Explorer. A complete list of bugs tackled in this update can be found in the official release notes here.

nopCommerce 2.40 — Maintenance Update
Version 2.4 adds support for MailChimp, as well as further changes for performance optimization. The WYSIWYG editor was applied to areas that still (some how) did not have it, and several dead pieces of jquery were deleted from the core — only ones that weren't being used. Full release notes can be found here.

nopCommerce 2.30 — Features Update
Further performance optimizations to the nopCommerce core have been added with the 2.3 update. Other highlighted features include: back in stock notifications, product special price support, and a catalog mode. Localization fixes for shipping method and currency were also implemented. To see a full list of changes in this update, see the official release notes here.

nopCommerce 2.20 — Features Update
This version adds the much-requested one page checkout option. Now your customers can make purchases from your eCommerce site faster than ever. Support has also been added for right-to-left users, and a generic event system has been implemented for users, and the installation wizard now has an option to create a database if it doesn't exist. More information on the 2.2 release of nopCommerce can be found in the official notes here.

nopCommerce 2.10 — Maintenance Update
This version of nopCommerce adds CMS support in the form of widgets. nopCommerce 2.10 also gets more social with OpenID, Facebook, and Twitter authentication support. Multilingual SEO URLs have been added, along with product templates and performance optimizations with SQL Server indexes. For more information, read the official release notes here.

nopCommerce 2.00 — Features Update
This is one of the biggest updates in the history of nopCommerce. It is highly recommended you update in order to take full advantage of all the new changes, features, and updates the nopCommerce Team has implemented. Here's their official statement:

"nopCommerce 2.00 was rewritten from scratch. Our development efforts were focused on moving nopCommerce to ASP.NET MVC 3.0, architecture improvements, further enhancements and fixing bugs. We also decided not to ship nopcommerce with all the payment modules that were included in the previous versions (about 35 modules). Only some of them are available out of the box. All other payment modules will be available as plugins."

More information about the big changes in nopCommerce version 2.00 can be found in the official release notes documentation here.

nopCommerce 1.9 and Under — Insecure
These versions are out of date and do not have the latest updates or features. The nopCommerce platform has gone through significant changes since these older versions were current, and nopCommerce 2.00 in particular completely rebuilt the platform from the ground up. If you are running a version of nopCommerce that is 1.90 or older, you will be at risk from several legacy bugs.

These older versions are no longer supported by the core nopCommerce team. For your eCommerce website’s security and function, please upgrade immediately to a secure, more feature-rich version of nopCommerce

Don't See Your Version Here? You Need To Upgrade
If you do not see your version of nopCommerce here, you should upgrade immediately for the latest security and performance benefits. Certain older versions of nopCommerce may contain critical security vulnerabilities.